[RFC][PATCH] Inherit loginuid from parent
Steve Grubb
sgrubb at redhat.com
Fri Jan 7 01:27:53 UTC 2005
On Thursday 06 January 2005 19:42, Serge Hallyn wrote:
> I'm testing it by hacking auditctl.c to do an execl("/bin/sh",
> "/bin/sh"); if it was called on a -L. Before the "auditctl -L 25,ab" my
> loginuid is -1, after (on, say, a "auditctl -m cd") it is 25. Without
> the patch, it is always -1.
That's what I noticed and made me say I didn't think it was working right.
> Is that (-1 default loginuid until PAM sets it) the desired behavior?
If there is no logins, there's nothing to *set* the user ID. The number
returned needs to be fictional so its not mistaken for root or a real user.
-Steve Grubb
More information about the Linux-audit
mailing list